On 11/21/2014 09:01 AM, Birta Levente wrote:
On 21/11/2014 15:48, Robert Moskowitz wrote:
On 11/21/2014 04:13 AM, Tamsy wrote:
Robert Moskowitz wrote on 20.11.2014 20:41:
I just launched a new mailserver that is using dovecot. My
previous mailserver used courier-mail. I am expecting better
things with this new server, but I was use to some login
information in logwatch that I am not seeing now. For example I
would get:
[IMAPd] Logout stats:
====================
User | Logouts | Downloaded |
Mbox Size
--------------------------------------- | ------- | ---------- |
----------
us...@htt-consult.com | 55 | 219571
| 0
us...@htt-consult.com | 285 | 221681
| 0
us...@labs.htt-consult.com | 32 | 15183
| 0
---------------------------------------------------------------------------
372 | 456435
| 0
**Unmatched Entries**
Disconnected, ip=[::ffff:107.150.52.84], time=1, starttls=1: 2
Time(s)
---------------------- IMAP End -------------------------
--------------------- POP-3 Begin ------------------------
[POP3] Logout stats (in MB):
============================
User | Logouts | Downloaded |
Mbox Size
--------------------------------------- | ------- | ---------- |
----------
us...@htt-consult.com | 78 | 5.96
| 0
us...@communaljob.com | 215 | 9.24
| 0
us...@htt-consult.com | 1 | 7.47
| 0
us...@htt-consult.com | 1 | 2.34
| 0
us...@htt-consult.com | 301 | 31.08
| 0
us...@labs.htt-consult.com | 201 | 4.98
| 0
---------------------------------------------------------------------------
797 | 61.06 |
0.00
**Unmatched Entries**
Disconnected, ip=[::ffff:107.150.52.84]: 2 Time(s)
Disconnected, ip=[::ffff:12.159.43.147]: 50 Time(s)
Disconnected, ip=[::ffff:172.245.45.20]: 61 Time(s)
LOGIN FAILED, user=Alfredo, ip=[::ffff:172.245.45.20]: 1 Time(s)
LOGIN FAILED, user=Antonio, ip=[::ffff:172.245.45.20]: 2 Time(s)
LOGIN FAILED, user=postmaster, ip=[::ffff:172.245.45.20]: 7
Time(s)
....
LOGIN FAILED, user=webmaster, ip=[::ffff:172.245.45.20]: 7 Time(s)
LOGIN FAILED, user=www, ip=[::ffff:172.245.45.20]: 4 Time(s)
Maximum connection limit reached for ::ffff:172.245.45.20: 509
Time(s)
---------------------- POP-3 End -------------------------
Whereas dovecot is only reporting:
--------------------- Dovecot Begin ------------------------
Dovecot disconnects:
Inactivity: 1 Time(s)
Logged out: 379 Time(s)
no auth attempts: 5 Time(s)
no reason: 1 Time(s)
tried to use disabled plaintext auth: 1 Time(s)
**Unmatched Entries**
dovecot: dict: mysql: Connected to localhost (postfix): 351
Time(s)
---------------------- Dovecot End -------------------------
How can I get more detailed user activity reporting to logwatch?
And why is connection to mysql under Unmatched Entries?
What version of Logwatch is installed on the server and on which
distro?
We are using Logwatch here too and the summary for Dovecot is very
detailed; even more detailed compared to what you got with
courier-mail.
I am running Redsleeve 6 which is a port of Centos 6 to ARM. Its
logwatch is:
logwatch-7.3.6-52.el6.noarch
Oh, and dovecot is:
dovecot-2.0.9-7.el6.armv5tel
Thanks for this pointer but...
There is Detail and *OnlyService parameters in logwatch's dovecot.conf
(in centos by default
/usr/share/logwatch/default.conf/services/dovecot.conf)
No detail parameter in mine which seems rather old:
# $Log: dovecot.conf,v $
# Revision 1.3 2006/08/13 21:05:03 bjorn
# Changed OnlyService to include dovecot for compatibility with Dovecot 1.0
# based on patches by Mark Nienberg; modification by Patrick Vande Walle.
*OnlyService = (imap-login|pop3-login|dovecot)
What would I add to that?
Probably you can override these parameters in
/etc/logwatch/conf/services ... but I personally never used this.
Look at the meaning of these parameters ... maybe this is the problem
Where do I look for their meaning? My google searching is coming up empty.
thanks
